I never understood why the upstreams of "bulletproof hosts" don't simply disconnect / de-peer the entire AS until they clean up their act? Why won't their BGP neighbors take action?

If you can't get ScumBagISP-A to clean up their act, go to ScumBagISP-Upstream-B, and then the next hop ScumBagISP-Upstream-Nexthop-C, and the next, until you find a responsible carrier who can de-peer?
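A small model of the escalation walk described in the comment above, added here as an illustration and not part of the original post: it walks the transit chain upstream-first, finds the nearest operator known to act on abuse reports, and checks which single de-peering would actually cut a multi-homed AS off from all transit. The AS numbers, provider links and the "responsive" set are constructed for the example.

```python
"""Escalation up the transit chain and the effect of de-peering.
All AS numbers and provider relationships below are CONSTRUCTED for
illustration (private-use ASN range), not real topology."""
from collections import deque

# upstreams[asn] = set of ASes that sell transit to asn (constructed).
UPSTREAMS = {
    "AS64500": {"AS64501", "AS64502"},   # hypothetical bulletproof host, multi-homed
    "AS64501": {"AS64510"},              # small reseller
    "AS64502": {"AS64510", "AS64511"},   # second reseller
    "AS64510": {"AS64520"},
    "AS64511": {"AS64520"},
    "AS64520": set(),                    # transit-free carrier, top of the chain
}
# Constructed: operators assumed to act on abuse reports.
RESPONSIVE = {"AS64510", "AS64520"}


def escalation_order(asn, upstreams=UPSTREAMS):
    """Breadth-first walk up the transit chain: nearest upstreams first."""
    seen, order, queue = {asn}, [], deque([asn])
    while queue:
        cur = queue.popleft()
        for up in sorted(upstreams.get(cur, ())):
            if up not in seen:
                seen.add(up)
                order.append(up)
                queue.append(up)
    return order


def first_responsive(asn, responsive=RESPONSIVE, upstreams=UPSTREAMS):
    """The first AS in escalation order that is expected to act (None if none)."""
    return next((a for a in escalation_order(asn, upstreams) if a in responsive), None)


def still_has_transit(asn, depeered_by, upstreams=UPSTREAMS):
    """Can `asn` still reach a transit-free carrier if `depeered_by` refuses
    to carry anything that routes through it?"""
    def reaches_top(cur, seen):
        if cur == depeered_by:
            return False
        if not upstreams.get(cur):      # no upstream: top of the chain
            return True
        return any(reaches_top(up, seen | {cur})
                   for up in upstreams[cur] if up not in seen)
    return reaches_top(asn, set())


def effective_depeer_points(asn, upstreams=UPSTREAMS):
    """Upstreams whose de-peering alone cuts `asn` off from all transit."""
    return [a for a in escalation_order(asn, upstreams)
            if not still_has_transit(asn, a, upstreams)]
```

In the constructed graph only the top carrier can disconnect the multi-homed host on its own; each reseller de-peering leaves a second path up, which is why the escalation has to keep going.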
I read these numbers, and I look at my bandwidth costs at my data center, and I think, "wow, it sure is fortunate that so much excess backbone capacity ended up being built in the dot com era."
Original post - http://blog.fireeye.com/research/2012/07/grum-botnet-no-longer-safe-havens.html
I keep reading about spam networks knocked out and yet, like any crime, if you take out the number one then everybody moves up a notch and somebody else joins the bottom. So either maybe they could make it harder. ISPs do packet inspection, maybe they could make it useful for the user. Block the sending of spam - both ways. Anybody selling viagra and penile extensions really should be on a business internet account for a start.

The tools are out there, maybe the ISPs could give the users a configuration screen enabling them to block spam upstream. User virtual firewalls could be useful to the user and also the ISP. Maybe users could be tested on what they know and from that certain default settings are made on the firewall and options locked. If a user doesn't know what they're doing then let's help them. Then any block will point them to speak to a human on the phone as they need that level of help. But instead we allow anybody to have a loaded electronic gun drive around the whole of the internet, scary when you think of it like that, but that's what you have, oh and spam.
Why don't botnet operators use peer-to-peer style command centers? According to the original article on the FireEye blog, the network was taken down with only "three days of effort."